CSTI
    vulnerabilityThe Ransomware Era (2020-Present) Daily Briefing Landmark Event

    Critical Vulnerabilities in Google Looker and SolarWinds Prompt Urgent Action

    Wednesday, February 4, 2026

    On February 4, 2026, the cybersecurity landscape was marked by significant vulnerabilities that could have severe repercussions for organizations utilizing Google Looker and SolarWinds products. Tenable Research has identified two critical vulnerabilities in Google Looker, labeled CVE-2025-12743, which could lead to remote code execution (RCE) and the theft of sensitive database credentials. Self-hosted Looker users are urged to upgrade immediately to mitigate these risks, as attackers could exploit a SQL injection flaw to exfiltrate data. Fortunately, no active exploitation has been reported thus far.

    In another pressing development, the Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations regarding a critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk, which is currently being exploited. Federal agencies have been directed to apply patches by February 6, 2026, underscoring the urgency of this issue. Organizations must act swiftly to protect their systems from these emerging threats.

    Sources

    Google Looker SolarWinds CVE-2025-12743 CVE-2025-40551 ransomware data breach